Apple announced today that the iPhone and iPad have been approved to handle classified information up to the “NATO Restricted” level, becoming the first consumer mobile devices to meet the alliance’s stringent information assurance requirements.
The certification allows their use in NATO environments without the need for specialized security software or custom configurations.
The milestone follows an extensive evaluation led by Germany’s Federal Office for Information Security (BSI), which conducted in-depth technical testing and security analysis of Apple’s mobile platforms. According to Apple, devices running iOS 26 and iPadOS 26 were subjected to exhaustive assessments to verify compliance with NATO nations’ operational and assurance standards.
As part of the certification process, BSI evaluated Apple’s hardware and software security architecture, including its vertically integrated approach that combines Apple silicon, secure boot chains, encryption, and operating system-level protections. Apple highlighted features such as hardware-backed encryption, biometric authentication through Face ID, and Memory Integrity Enforcement as key elements of its platform security model. These capabilities are built directly into the devices and enabled by default, eliminating the need for additional hardening tools or external security layers to meet the specified classification requirements.
The approval has resulted in iOS 26 and iPadOS 26 being listed in the NATO Information Assurance Product Catalogue, a formal registry of evaluated products approved for use within NATO environments.
Apple, headquartered in Cupertino, California, is one of the world’s largest technology companies, designing consumer electronics, operating systems, and custom silicon used by hundreds of millions of users globally. Its iPhone and iPad product lines are widely deployed across consumer, enterprise, and government sectors. With this latest certification, Apple positions its mainstream devices for expanded use in defense and government contexts traditionally dominated by specialized, purpose-built secure communications hardware.
While the NATO Restricted classification is the lowest level of classified information within NATO’s security framework, it still requires robust safeguards against unauthorized disclosure. Regular patch management, strong passcodes, device supervision through mobile device management (MDM), and adherence to physical security controls remain essential to maintaining compliance and minimizing risk.
Leave a Reply